IP Address Blacklist

Wallarm can block most harmful traffic request by request when a malicious payload is detected. However, for behavior-based attacks, where every single request is legitimate on its own (e.g. login attempts with username/password pairs), blocking by origin is necessary.

Wallarm can block bots and behavioral-based attacks, such as application abuse, brute-force, and forced browsing, by automatically adding IPs to the blacklist. Administrators can also manually add IP addresses and subnets for blocking.

The blacklist is available on the Blacklist tab, where users can:

Review the list of blocked IP addresses and the reasons they were blocked;

Instantly unblock any IP address or set the time to unblock;

Add an IP address or a whole subnet to the blacklist.
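
An added example, not Wallarm's code or API, of the blocking-by-origin logic described above: each failed login passes on its own, but a per-IP sliding-window count adds the source to a blacklist with a reason and an unblock time, alongside a manually added subnet. The class and function names, the thresholds (5 failures in 60 s, 1 h block) and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_S, MAX_FAILURES, BLOCK_S = 60, 5, 3600  # assumed thresholds, not Wallarm's

class Blacklist:
    """Hypothetical origin blacklist: network -> (reason, unblock time or None)."""
    def __init__(self):
        self.entries = {}
        self.failures = defaultdict(deque)  # source IP -> failed-login timestamps

    def add(self, net, reason, now, duration=None):
        """Block one IP or a whole subnet; duration=None means until removed."""
        until = None if duration is None else now + duration
        self.entries[ipaddress.ip_network(net, strict=False)] = (reason, until)

    def reason_for(self, ip, now):
        """Return the block reason for ip, or None if it is not blocked."""
        addr = ipaddress.ip_address(ip)
        for net, (reason, until) in list(self.entries.items()):
            if until is not None and until <= now:
                del self.entries[net]  # timed block has expired
            elif addr in net:
                return reason
        return None

    def record_failed_login(self, ip, now):
        """Count failures in the sliding window; block the origin at the threshold."""
        q = self.failures[ip]
        q.append(now)
        while q and q[0] <= now - WINDOW_S:
            q.popleft()
        if len(q) >= MAX_FAILURES:
            self.add(ip, "brute-force", now, BLOCK_S)

def replay(events, bl):
    """Replay (time, ip, login_ok) events and return a verdict per request."""
    verdicts = []
    for t, ip, ok in events:
        reason = bl.reason_for(ip, t)
        if reason is None and not ok:
            bl.record_failed_login(ip, t)
        verdicts.append("blocked:" + reason if reason else "passed")
    return verdicts

def demo():
    bl = Blacklist()
    bl.add("198.51.100.0/24", "manual", now=0)  # constructed sample data
    events = [(t, "203.0.113.7", False) for t in range(0, 60, 10)]
    return replay(events + [(70, "198.51.100.9", True)], bl)
```

The fifth failed login still passes because the count reaches the threshold only after it is processed; every later request from that source is refused until the block expires.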

Enable on Wallarm Node

For the blacklisting to take effect, you must enable it on Wallarm Node.

Review the Active Blacklist

By default, Wallarm will show the list of all IPs that are currently blacklisted. The same view is available by clicking the Now filter.

For every blacklist entry, Wallarm shows:

IP: the blocked IP address. A country code may also be shown in a small grey font.